Fortinet black logo

SWG with VPN Deployment Guide

Home FortiSASE SWG with VPN Deployment Guide

Configuring RADIUS users

Configuring RADIUS users

Depending on the authentication source, the user configuration steps differ. The example shows configuring a RADIUS server and user groups. For configuring other authentication sources, see Authentication Sources and Access.

If Secure Web Gateway (SWG) user single sign on (SSO) is configured, RADIUS user configuration does not take effect. If you plan to use RADIUS, first delete your SWG user SSO configuration.

To configure the RADIUS server:
  1. Go to Configuration > RADIUS.
  2. Click Create to add a new RADIUS server.
    1. Configure the RADIUS server settings:
    2. Enter the desired server name.
    3. Do not enable Include All Users unless you want all users on the RADIUS server to be allowed access to FortiSASE.
    4. Click Next.
    5. In the Primary Server > IP/Name field, enter the primary server IP address or fully qualified domain name.
    6. In the Primary Server > Secret field, enter the primary server secret.
    7. If your organization has a redundant RADIUS server, enter its information in the Secondary Server section.
  3. Click Test Connection.
  4. Do one of the following:
    1. If the connection succeeds, click Next.
    2. If the connection does not succeed, try again. Confirm your RADIUS server allows traffic from the FortiSASE gateway IP address. This may require sniffing for traffic on port 1812.
  5. Review and submit the settings.
To configure a RADIUS user group:
  1. Go to Configuration > Users.
  2. Click Create.
  3. Configure the RADIUS user group(s):
    1. In the Name field, enter the desired name.
    2. Under Remote Groups, click Create.
    3. From the Remote Server dropdown list, select the RADIUS server that you created.
    4. In the Groups field, enter the group names of the group(s) that will be allowed access on FortiSASE.

  4. Click OK.
  5. Click OK again.
  6. A slide-in appears with instructions on how to onboard an end user. Follow the steps under SWG Users to download the SWG certificate for usage on the client. The certificate package contains the built-in certificate authority certificate for the FortiSASE instance. This must be installed in the certificate store on the client to trust the certificate chain for pages that FortiSASE has signed.
  7. Click Close.
Previous
Next

Configuring RADIUS users

Depending on the authentication source, the user configuration steps differ. The example shows configuring a RADIUS server and user groups. For configuring other authentication sources, see Authentication Sources and Access.

If Secure Web Gateway (SWG) user single sign on (SSO) is configured, RADIUS user configuration does not take effect. If you plan to use RADIUS, first delete your SWG user SSO configuration.

To configure the RADIUS server:
  1. Go to Configuration > RADIUS.
  2. Click Create to add a new RADIUS server.
    1. Configure the RADIUS server settings:
    2. Enter the desired server name.
    3. Do not enable Include All Users unless you want all users on the RADIUS server to be allowed access to FortiSASE.
    4. Click Next.
    5. In the Primary Server > IP/Name field, enter the primary server IP address or fully qualified domain name.
    6. In the Primary Server > Secret field, enter the primary server secret.
    7. If your organization has a redundant RADIUS server, enter its information in the Secondary Server section.
  3. Click Test Connection.
  4. Do one of the following:
    1. If the connection succeeds, click Next.
    2. If the connection does not succeed, try again. Confirm your RADIUS server allows traffic from the FortiSASE gateway IP address. This may require sniffing for traffic on port 1812.
  5. Review and submit the settings.
To configure a RADIUS user group:
  1. Go to Configuration > Users.
  2. Click Create.
  3. Configure the RADIUS user group(s):
    1. In the Name field, enter the desired name.
    2. Under Remote Groups, click Create.
    3. From the Remote Server dropdown list, select the RADIUS server that you created.
    4. In the Groups field, enter the group names of the group(s) that will be allowed access on FortiSASE.

  4. Click OK.
  5. Click OK again.
  6. A slide-in appears with instructions on how to onboard an end user. Follow the steps under SWG Users to download the SWG certificate for usage on the client. The certificate package contains the built-in certificate authority certificate for the FortiSASE instance. This must be installed in the certificate store on the client to trust the certificate chain for pages that FortiSASE has signed.
  7. Click Close.
Previous
Next